Up version, update Changelog.md (#474)

* up version, update Changelog.md * deprecate transport key types for acra-keys
cossacklabs · Dec 15, 2021 · 89d96b3 · 89d96b3
1 parent 6356b96
commit 89d96b3
Show file tree

Hide file tree

Showing 15 changed files with 65 additions and 18 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,51 @@
 # Acra ChangeLog
 
+## [0.91.0](https://github.com/cossacklabs/acra/releases/tag/0.91.0), December 16th 2021
+
+_Core_:
+- **AcraWebConfig, AcraAuthManager**:
+  - Have been deprecated and not supported anymore [#456](https://github.com/cossacklabs/acra/pull/456). The following changes have been made:
+    - removed `docker/acra-authmanager.dockerfile`, `docker/acra-webconfig.dockerfile` files.
+    - removed `acra-webconfig` and `acra-authmanager` from `docker/acra-build.dockerfile` file that is base image for all
+      other service's images.
+    - removed `acra-webconfig` and `acra-authmanager` from all `docker/docker-compose.*.yml` files.
+    - reserved [event codes](https://github.com/cossacklabs/acra/blob/0.90.0/logging/event_codes.go#L64) for log entries in range [550, 558] related to AcraWebConfig.
+- **AcraConnector**:
+  - Has been deprecated and will be removed in the next releases. AcraServer and AcraTranslator will accept only direct TLS. See [Transport security/TLS](https://docs.cossacklabs.com/acra/security-controls/transport-security/tls/).
+    connections from applications.
+  - Removed mentions and usage from [acra-engineering-demo](https://github.com/cossacklabs/acra-engineering-demo/tree/0.90.0)s.
+- **AcraKeymaker**:
+  - Some keys can be configured without ClientID [#454](https://github.com/cossacklabs/acra/pull/454).
+  - Removed `--generate_acrawebconfig_keys` flag according to AcraWebConfig/AcraAuthManager deprecation [#456](https://github.com/cossacklabs/acra/pull/456).
+- **AcraKeys**:
+  - `read` command supports symmetric encryption keys with ClientID and ZoneID [#472](https://github.com/cossacklabs/acra/pull/472/files).
+  - `generate` command:
+    - supports rotation for symmetric encryption keys with ZoneID [#472](https://github.com/cossacklabs/acra/pull/472/files).
+    - deprecates next flags: `--acraconnector_transport_key`, `--acraserver_transport_key`, `--acratranslator_transport_key`.
+    - removed `--acrawebconfig_symmetric_key` flag according to AcraWebConfig/AcraAuthManager deprecation [#456](https://github.com/cossacklabs/acra/pull/456).
+  - Improved handling CLI parameters related to Redis [#459](https://github.com/cossacklabs/acra/pull/459).
+- **AcraServer**:
+  - Removed `--auth_keys` parameter according to AcraWebConfig/AcraAuthManager deprecation [#456](https://github.com/cossacklabs/acra/pull/456).
+  - Removed `/loadAuthData`, `/getConfig`, `/setConfig` endpoints from HTTP API according to AcraWebConfig/AcraAuthManager deprecation [#456](https://github.com/cossacklabs/acra/pull/456).
+- **AcraTranslator**:
+  - Accepts `POST` HTTP request method additionally to `GET` for v2 API. Method `GET` marked as deprecated and warns with log message.
+  `Deprecated HTTP GET method was used. Please use HTTP POST method instead.` if was used [#466](https://github.com/cossacklabs/acra/pull/466).
+
+_Infrastructure_:
+- Build binaries with `-tags netgo` flag, that forces usage of Go resolver to solve issues related to resolving hostnames. 
+  between Docker containers. Updated `acra-build.dockerfile` used as base image for all `cossacklabs/acra-*` images ([#452](https://github.com/cossacklabs/acra/pull/452)).
+- Added missing parameter `--keystore=v1` for existing docker-compose files that caused errors ([#452](https://github.com/cossacklabs/acra/pull/452)).
+
+_Documentation_:
+- Has been updated :)
+- Improved guide about [integration AcraTranslator](https://docs.cossacklabs.com/acra/guides/integrating-acra-translator-into-new-infrastructure/) into infrastructure.
+- Extended description for AcraTranslator's [HTTP API](https://docs.cossacklabs.com/acra/guides/integrating-acra-translator-into-new-infrastructure/http_api/).
+
+_Example projects and demos_:
+- [Python examples](https://github.com/cossacklabs/acra/tree/0.90.0/examples/python): now work with TLS connections to 
+  AcraServer/Database. Also has been updated sqlalchemy version and binary column type from `Binary` to `LargeBinary` [#463](https://github.com/cossacklabs/acra/pull/463).
+- [acra-engineering-demo](https://github.com/cossacklabs/acra-engineering-demo/tree/0.90.0)s don't illustrate AcraConnector usage anymore. All applications and services connect to AcraServer directly.
+
 ## [0.90.0](https://github.com/cossacklabs/acra/releases/tag/0.90.0), November 05th 2021
 
 _New_:

diff --git a/CHANGELOG_DEV.md b/CHANGELOG_DEV.md
@@ -5,6 +5,7 @@
 - `acra-server` CLI parameters: `--securesession_id`, `--acraconnector_tls_transport_enable`, `--acraconnector_transport_encryption_disable`
 - `acra-keymaker` CLI parameters: `--generate_acraconnector_keys`, `--generate_acraserver_keys`, `--generate_acratranslator_keys`
 - `acra-translator` CLI parameters: `--securesession_id`, `--acraconnector_transport_encryption_disable`, `--acratranslator_tls_transport_enable`
+- `acra-keys` CLI parameters for `generate` command: `--acraconnector_transport_key`, `--acraserver_transport_key`, `--acratranslator_transport_key`
 
 ## 0.91.0 - 2021-12-13
 ### Changed

diff --git a/cmd/acra-keys/keys/generate.go b/cmd/acra-keys/keys/generate.go
@@ -200,9 +200,9 @@ func (g *GenerateKeySubcommand) RegisterFlags() {
 	g.flagSet.StringVar(&g.clientID, "client_id", "", "Client ID")
 	g.flagSet.StringVar(&g.zoneID, "zone_id", "", "Zone ID")
 	g.flagSet.StringVar(&g.masterKeyFile, "master_key_path", "", "Generate new random master key and save to file")
-	g.flagSet.BoolVar(&g.acraConnector, "acraconnector_transport_key", false, "Generate transport keypair for AcraConnector")
-	g.flagSet.BoolVar(&g.acraServer, "acraserver_transport_key", false, "Generate transport keypair for AcraServer")
-	g.flagSet.BoolVar(&g.acraTranslator, "acratranslator_transport_key", false, "Generate transport keypair for AcraTranslator")
+	g.flagSet.BoolVar(&g.acraConnector, "acraconnector_transport_key", false, "Generate transport keypair for AcraConnector (deprecated since 0.91.0, will be removed soon)")
+	g.flagSet.BoolVar(&g.acraServer, "acraserver_transport_key", false, "Generate transport keypair for AcraServer (deprecated since 0.91.0, will be removed soon)")
+	g.flagSet.BoolVar(&g.acraTranslator, "acratranslator_transport_key", false, "Generate transport keypair for AcraTranslator (deprecated since 0.91.0, will be removed soon)")
 	g.flagSet.BoolVar(&g.acraWriter, "client_storage_key", false, "Generate keypair for data encryption/decryption (for a client)")
 	g.flagSet.BoolVar(&g.newZone, "zone", false, "Generate new Acra storage zone")
 	g.flagSet.BoolVar(&g.rotateZone, "zone_storage_key", false, "Rotate existing Acra zone storage keypair")

diff --git a/configs/acra-addzone.yaml b/configs/acra-addzone.yaml
@@ -1,4 +1,4 @@
-version: 0.90.0
+version: 0.91.0
 # path to config
 config_file: 
 

diff --git a/configs/acra-backup.yaml b/configs/acra-backup.yaml
@@ -1,4 +1,4 @@
-version: 0.90.0
+version: 0.91.0
 # import|export values are accepted
 action: 
 

diff --git a/configs/acra-connector.yaml b/configs/acra-connector.yaml
@@ -1,4 +1,4 @@
-version: 0.90.0
+version: 0.91.0
 # Port of Acra HTTP API
 acraserver_api_connection_port: 9090
 

diff --git a/configs/acra-keymaker.yaml b/configs/acra-keymaker.yaml
@@ -1,4 +1,4 @@
-version: 0.90.0
+version: 0.91.0
 # Client ID
 client_id: client
 

diff --git a/configs/acra-keys.yaml b/configs/acra-keys.yaml
@@ -1,4 +1,4 @@
-version: 0.90.0
+version: 0.91.0
 # path to config
 config_file: 
 
@@ -140,13 +140,13 @@ private: false
 # read public key of the keypair
 public: false
 
-# Generate transport keypair for AcraConnector
+# Generate transport keypair for AcraConnector (deprecated since 0.91.0, will be removed soon)
 acraconnector_transport_key: false
 
-# Generate transport keypair for AcraServer
+# Generate transport keypair for AcraServer (deprecated since 0.91.0, will be removed soon)
 acraserver_transport_key: false
 
-# Generate transport keypair for AcraTranslator
+# Generate transport keypair for AcraTranslator (deprecated since 0.91.0, will be removed soon)
 acratranslator_transport_key: false
 
 # Generate symmetric key for log integrity checks

diff --git a/configs/acra-poisonrecordmaker.yaml b/configs/acra-poisonrecordmaker.yaml
@@ -1,4 +1,4 @@
-version: 0.90.0
+version: 0.91.0
 # path to config
 config_file: 
 

diff --git a/configs/acra-rollback.yaml b/configs/acra-rollback.yaml
@@ -1,4 +1,4 @@
-version: 0.90.0
+version: 0.91.0
 # Client ID should be name of file with private key
 client_id: 
 

diff --git a/configs/acra-rotate.yaml b/configs/acra-rotate.yaml
@@ -1,4 +1,4 @@
-version: 0.90.0
+version: 0.91.0
 # path to config
 config_file: 
 

diff --git a/configs/acra-server.yaml b/configs/acra-server.yaml
@@ -1,4 +1,4 @@
-version: 0.90.0
+version: 0.91.0
 # Path to AcraCensor configuration file
 acracensor_config_file: 
 

diff --git a/configs/acra-tokens.yaml b/configs/acra-tokens.yaml
@@ -1,4 +1,4 @@
-version: 0.90.0
+version: 0.91.0
 # path to config
 config_file: 
 

diff --git a/configs/acra-translator.yaml b/configs/acra-translator.yaml
@@ -1,4 +1,4 @@
-version: 0.90.0
+version: 0.91.0
 # Use raw transport (tcp/unix socket) between AcraTranslator and client app. It turns off reading trace from client app's side which usually sent by AcraConnector (deprecated since 0.91.0, will be removed soon).
 acraconnector_transport_encryption_disable: false
 

diff --git a/utils/version.go b/utils/version.go
@@ -26,7 +26,7 @@ import (
 // VERSION is current Acra suite version
 // store it as string instead initialized struct value to easy change/grep/sed/replace value via scripts or with
 // -ldflags "-X github.com/cossacklabs/acra/utils.VERSION=X.X.X"
-var VERSION = "0.90.0"
+var VERSION = "0.91.0"
 
 // Version store version info
 type Version struct {